BR112015031853A2 - autenticação de processo e permissões de recurso - Google Patents

autenticação de processo e permissões de recurso

Info

Publication number
BR112015031853A2
BR112015031853A2 BR112015031853A BR112015031853A BR112015031853A2 BR 112015031853 A2 BR112015031853 A2 BR 112015031853A2 BR 112015031853 A BR112015031853 A BR 112015031853A BR 112015031853 A BR112015031853 A BR 112015031853A BR 112015031853 A2 BR112015031853 A2 BR 112015031853A2
Authority
BR
Brazil
Prior art keywords
permissions
metadata
operating
digital signature
binary file
Prior art date
Application number
BR112015031853A
Other languages
English (en)
Other versions
BR112015031853A8 (pt
Inventor
Damiano Adam
U Kishan Arun
M Mcpherson Dave
Sridharan Giridharan
Kannan Gopinathan
M Andes Jonathan
Kinshumann Kinshuman
J Khan Salahuddin
P Gottumukkala Sunil
Agarwal Vishal
Original Assignee
Microsoft Technology Licensing Llc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US13/925,703 priority Critical patent/US9515832B2/en
Application filed by Microsoft Technology Licensing Llc filed Critical Microsoft Technology Licensing Llc
Priority to PCT/US2013/061080 priority patent/WO2014209416A1/en
Publication of BR112015031853A2 publication Critical patent/BR112015031853A2/pt
Publication of BR112015031853A8 publication Critical patent/BR112015031853A8/pt

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2145Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy

Abstract

a presente invenção refere-se a técnicas e sistemas descritos no presente documento que estão presentes em várias implantações de um modelo para autenticar processos para execução e especificar e reforçar restrições de permissão em recursos de sistema para processos e usuários. em algumas implantações, um arquivo binário para um aplicativo, programa ou processo pode ser aumentado para incluir uma assinatura digital criptografada com uma chave de modo que um sistema operacional possa autenticar, de forma subsequente, a assinatura digital. uma vez que o arquivo binário tenha sido autenticado, o sistema operacional pode criar um processo e marcar o processo com metadados que indicam o tipo de permissões que são permitidas para o processo. os metadados podem corresponder a um nível de acesso particular para especificar as permissões de recurso.
BR112015031853A 2013-06-24 2013-09-21 sistema, método e dispositivo de armazenamento legível em computador para concessão de acesso de processo para um recurso de sistema BR112015031853A8 (pt)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US13/925,703 US9515832B2 (en) 2013-06-24 2013-06-24 Process authentication and resource permissions
PCT/US2013/061080 WO2014209416A1 (en) 2013-06-24 2013-09-21 Process authentication and resource permissions

Publications (2)

Publication Number Publication Date
BR112015031853A2 true BR112015031853A2 (pt) 2017-07-25
BR112015031853A8 BR112015031853A8 (pt) 2019-12-31

Family

ID=49293916

Family Applications (1)

Application Number Title Priority Date Filing Date
BR112015031853A BR112015031853A8 (pt) 2013-06-24 2013-09-21 sistema, método e dispositivo de armazenamento legível em computador para concessão de acesso de processo para um recurso de sistema

Country Status (7)

Country Link
US (1) US9515832B2 (pt)
EP (1) EP3014511A1 (pt)
JP (1) JP6286034B2 (pt)
CN (1) CN105408912B (pt)
BR (1) BR112015031853A8 (pt)
RU (1) RU2637878C2 (pt)
WO (1) WO2014209416A1 (pt)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9537892B2 (en) 2012-12-20 2017-01-03 Bank Of America Corporation Facilitating separation-of-duties when provisioning access rights in a computing system
US9639594B2 (en) 2012-12-20 2017-05-02 Bank Of America Corporation Common data model for identity access management data
US9542433B2 (en) 2012-12-20 2017-01-10 Bank Of America Corporation Quality assurance checks of access rights in a computing system
US9489390B2 (en) 2012-12-20 2016-11-08 Bank Of America Corporation Reconciling access rights at IAM system implementing IAM data model
US9189644B2 (en) 2012-12-20 2015-11-17 Bank Of America Corporation Access requests at IAM system implementing IAM data model
US9529629B2 (en) 2012-12-20 2016-12-27 Bank Of America Corporation Computing resource inventory system
US9483488B2 (en) 2012-12-20 2016-11-01 Bank Of America Corporation Verifying separation-of-duties at IAM system implementing IAM data model
US9477838B2 (en) 2012-12-20 2016-10-25 Bank Of America Corporation Reconciliation of access rights in a computing system
US9495380B2 (en) 2012-12-20 2016-11-15 Bank Of America Corporation Access reviews at IAM system implementing IAM data model
US9407638B2 (en) 2013-08-26 2016-08-02 The Boeing Company System and method for trusted mobile communications
US9344439B2 (en) * 2014-01-20 2016-05-17 The Boeing Company Executing unprotected mode services in a protected mode environment
KR101671989B1 (ko) * 2014-02-10 2016-11-03 한국전자통신연구원 전자 서명 제공 장치 및 방법
US10776457B1 (en) * 2014-07-22 2020-09-15 Epic Games, Inc. System and method for preventing execution of unauthorized code
CN105404819A (zh) * 2014-09-10 2016-03-16 华为技术有限公司 一种数据访问控制方法、装置以及终端
US10049218B2 (en) 2016-12-07 2018-08-14 Google Llc Rollback resistant security
US10432407B2 (en) * 2016-12-19 2019-10-01 Arris Enterprises Llc Secure provisioning of unique time-limited certificates to virtual application instances in dynamic and elastic systems
EP3376464A1 (en) * 2017-03-14 2018-09-19 Electronics and Telecommunications Research Institute Trust-based resource sharing method and system
US10572680B2 (en) * 2017-03-21 2020-02-25 Microsoft Technology Licensing, Llc Automated personalized out-of-the-box and ongoing in-application settings
WO2020081077A1 (en) * 2018-10-18 2020-04-23 Hewlett-Packard Development Company, L.P. Creating statistical analyses of data for transmission to servers
US10812272B1 (en) 2020-01-13 2020-10-20 Cyberark Software Ltd. Identifying computing processes on automation servers

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6023765A (en) * 1996-12-06 2000-02-08 The United States Of America As Represented By The Secretary Of Commerce Implementation of role-based access control in multi-level secure systems
US6289462B1 (en) * 1998-09-28 2001-09-11 Argus Systems Group, Inc. Trusted compartmentalized computer operating system
US6981281B1 (en) 2000-06-21 2005-12-27 Microsoft Corporation Filtering a permission set using permission requests associated with a code assembly
EP2306259B1 (en) 2000-09-21 2015-05-27 BlackBerry Limited Software code signing system and method
EP1225512A1 (en) 2001-01-19 2002-07-24 Eyal Dotan Method for protecting computer programs and data from hostile code
FR2901038A1 (fr) * 2006-05-15 2007-11-16 France Telecom Procede et dispositif de configuration securisee d'un terminal au moyen d'un dispositif de stockage de donnees de demarrage
US8381306B2 (en) 2006-05-30 2013-02-19 Microsoft Corporation Translating role-based access control policy to resource authorization policy
US8117441B2 (en) 2006-06-20 2012-02-14 Microsoft Corporation Integrating security protection tools with computer device integrity and privacy policy
CN101231712A (zh) * 2007-01-23 2008-07-30 上海宝信软件股份有限公司 业务授权模型及其在具体业务应用中的设定方法
US8196184B2 (en) * 2007-02-16 2012-06-05 Microsoft Corporation Efficient data structures for multi-dimensional security
US8433927B2 (en) 2007-05-29 2013-04-30 International Business Machines Corporation Cryptographically-enabled privileged mode execution
JP5043786B2 (ja) * 2008-09-10 2012-10-10 Kddi株式会社 アクセス制御システム、アクセス制御方法
US8973158B2 (en) 2011-07-20 2015-03-03 Microsoft Technology Licensing Llc Trust level activation
US8832447B2 (en) * 2011-08-10 2014-09-09 Sony Corporation System and method for using digital signatures to assign permissions
CN102354356B (zh) * 2011-09-29 2014-06-04 用友软件股份有限公司 数据权限管理装置和方法

Also Published As

Publication number Publication date
JP2016527608A (ja) 2016-09-08
BR112015031853A8 (pt) 2019-12-31
CN105408912A (zh) 2016-03-16
WO2014209416A1 (en) 2014-12-31
US20140380058A1 (en) 2014-12-25
EP3014511A1 (en) 2016-05-04
RU2637878C2 (ru) 2017-12-07
CN105408912B (zh) 2018-09-14
US9515832B2 (en) 2016-12-06
JP6286034B2 (ja) 2018-02-28
RU2015155272A (ru) 2017-07-28

Similar Documents

Publication Publication Date Title
AU2019268183A1 (en) Fingerprint based authentication for single sign on
EP3591931A4 (en) Authentication method, and authentication data processing method and device based on blockchain
IL249414D0 (en) Analyzing facial recognition data and social network data for user authentication
BR112017016942A2 (pt) sistemas e métodos para executar autenticação de usuário baseada em impressão digital usando imagens capturadas usando dispositivos móveis
BR112017002747A2 (pt) computer implemented method, and, computer system.
EE201800028A (et) Plotchain based multiple identity control system and method
SG10201802554YA (en) Blockchain-based digital identity management method
WO2015162072A3 (en) Instant messaging systems and methods
WO2016060722A3 (en) Homomorphic encryption in a healthcare network environment, system and methods
HK1252700A1 (zh) 用於創建、驗證和管理身份的方法及系統
EP3346633A4 (en) Permission information management system, user terminal, proprietor terminal, permission information management method, and permission information management program
WO2017106101A3 (en) Techniques for metadata processing
HK1221795A1 (zh) Identity authentication method, device, terminal and server
BR112016024453A2 (pt) transporte seguro de máquinas virtuais criptografadas com acesso contínuo do proprietário
EP3443706A4 (en) System and methods for validating and performing operations on homomorphically encrypted data
MX2019002184A (es) SYSTEM FOR DISTRIBUTED INTELLIGENT REMOTE DETECTION SYSTEMS.
AU2015200905B9 (en) Method and system for providing an efficient vulnerability management and verification service
BR112015024562A2 (pt) método, aparelho e sistema para autenticação de acesso e programa de computador
WO2014140807A3 (en) Method, system, and device for generating, storing, using, and validating nfc tags and data
EP2706724A3 (en) Systems and methods for secure file portability between mobile applications on a mobile device
WO2016049636A3 (en) Remote server encrypted data provisioning system and methods
BR112016005604A8 (pt) biometric feedback security and key generation
AR102007A1 (es) Sistema, método implementado por computadora y dispositivo informático de autenticación para acceder a recursos en base a desafíos
BR112016026543A2 (pt) sistema de rede de virtualização de funções de rede e método de processamento de dados, e aparelho.
MX2015012646A (es) VERIFICATION OF LOCATION OF MULTIPLE FACTORS.

Legal Events

Date Code Title Description
B06U Preliminary requirement: requests with searches performed by other patent offices: suspension of the patent application procedure